Implementation For Apps/Mobile Devices

In this part you will discover how to easily add our Social Login and Social Sharing services to mobile
applications on devices like for example on iPhone, iPad, iOS and Android. You can even use the native authentication SDKs of the social
networks (e.g. Facebook & Twitter) along with OneAll.

For security reasons we strongly advise against storing your OneAll API credentials on any mobile device. In this guide we are describing
different means in order to replace the classic HTTP Basic Authentication with a different
authorization mechanism so that you don't have to hard-code the API credentials into your app.

1. How to enable social network authentication in my app?

The authentication is triggered by sending the users to the following url (e.g. after they click on a login icon in your app):

Make sure to replace the #placeholders# contained in the url.

The key of the social network to login with.Example: twitter, facebook, vimeo

*#nonce#

A string generated by your app and used to make the request unique (e.g. UUID).Example: 6ba7b810-9dad-11d1-80b4-00c04fd430c8

*#callback_uri#

The URI of your mobile app to redirect the user to after having logged in with this social network account. The URI may have a custom
scheme to allow operation under various environments.Example: oneall://callback (for iOS applications)

Upon successful authentication with a social network account, users will be redirected back to the callback_uri to which the
OneAll API will add the url parameter connection_token. This token uniquely identifies the user's connection with his social
network account.

Make sure to replace the #placeholders# contained in the url.

Placeholder

Description

*#your_subdomain

The subdomain of your OneAll site.Example: myshop

*#connection_token#

The connection_token received as url parameter.Example: 18881239-fddb-4b7c-b384-998177c61815

To authenticate against the OneAll API your app must include the previously generated nonce as Authorization HTTP header. The
nonce has to be be prefixed by the string literal OneAllNonce, with a whitespace separating the two strings.

Authorization: OneAllNonce #nonce#

Placeholder

Description

*#nonce#

The unique nonce generate by your app and send as url parameter nonce to the OneAll API.Example:
18881239-fddb-4b7c-b384-998177c61815

The Connection API will return the full user profile data retrieved from the
social network (Facebook, LinkedIn ...). The data is wrapped into the Portable Contacts Format. Please note that the user profile may contain
more or less data depending on the provider.

Your app can now use the retrieved user data to either create a new user account or login the user to an existing account and to share
content on behalf of the user.

3. How to share content on behalf of the user?

For mobile devices the Connection API results include a publish_token
that allows your app to publish content on behalf of a user without using hard-coded API
credentials.

To authenticate against the OneAll API when publishing content on behalf of a user your
app must include the publish_token key as Authorization HTTP header. The key should be prefixed by the string literal
OneAllPublishToken, with a whitespace separating the two strings.

Authorization: OneAllPublishToken #publish_token#

Placeholder

Description

*#publish_token#

A publish_token->key value returned by the Connection API.Example:
71f28422-5a20-4131-b513-16cf6f497b972

4. How to use the native social network SDKs for authentication?

OneAll also supports logins with native SDKs, like for example the Facebook SDK.
This allows application developers to fully customise the login flow. In this case only one step is required to login and retrieve the connection details.

You simply use the native SDK to let the user connect with his social network account and then you import the user with
the access_token that you have received from the social network.

The OneAll API then uses that access_token to retrieve the user's social network profile and adds it to your OneAll site.